Step-By-Step Guide: Migrating Active Directory Certificate Service From Windows Server 2008/2008 R2 To Windows Server 2016


With Microsoft ending support for Windows Server 2008/2008 R2 on January 14, 2020, in this blog post I explain how to migrate your Microsoft Root Certificate Authority running on Windows Server 2003/2008/2008 R2 to Windows 2016. This post also explains how to migrate your Certification Authority key from a Cryptographic Service Provider (CSP) to a Key Storage Provider and how to migrate from SHA1 to SHA2 (SHA256). Please note that similar steps can be used to migrate from Windows 2008 R2/2012 R2 to Windows 2016 and/or Windows Server 2019.

Installing/Activating Windows 7/Server 2008/2008 R2 Extended Security Updates (ESU) MAK Key

Update 06.11.2020: Microsoft activation link updated.

Update 03.12.2020: Before installing and activating ESU keys, please ensure you have installed all prerequisites outlined under Prerequisite For Deploying ESU below.


As Microsoft announced on March 12, Windows 7 and Windows Server 2008/2008 R2 will go out of support on January 14, 2020, and Office 2010 soon thereafter. Out of support means that no further development or security patches will be released for these operating systems.

